Regain access to nginxproxymanager
I'm a Team Lead and Solutions Architect during the day, lazy "Dev Sec Ops" at night with a passion for selfhosting and data privacy. Free and Open Source advocate since 2005, I sporadically write Blog or Gemlog posts and share short notes and bookmarks on my website.
Today, a short post that might help other and future me: what to do if you loose your NginxProxyManager password.
NginxProxyManager doesn’t provide a command line tool to edit or change user passwords… After a bit of searching, it seems the only way is to update some database fields… And apparently, there are 2 options. I’ll talk about both, but used only the one that I thought was simpler and more elegant.
First, connect to your database. The process to do so depends on if you use MySQL/MariaDB or SQLite. I’m using the later, so it was as simple as running sqlite3 /path/to/database.sqlite. Small advice: you should backup your database first, just in case :). To do so, I stopped the nginxproxymanager service and simply copy/pasted the .sqlite file. It would be a tad more complex with a MySQL database, but still easy enough to do before jumping into updating some fields.
For info, th user table looks like this:
cid name type notnull dflt_value pk
--- ----------- ------------ ------- ---------- --
0 id integer 1 1
1 created_on datetime 1 0
2 modified_on datetime 1 0
3 is_deleted integer 1 '0' 0
4 is_disabled integer 1 '0' 0
5 email varchar(255) 1 0
6 name varchar(255) 1 0
7 nickname varchar(255) 1 0
8 avatar varchar(255) 1 0
9 roles json 1 0
To see what was in there, I used select * from user;, and it gave me something like this:
id created_on modified_on is_deleted is_disabled email name nickname avatar roles
-- ------------------- ------------------- ---------- ----------- ----------------- --------- --------- --------------------------------------------------------------------- ---------
1 2023-05-23 18:52:11 2023-05-23 18:53:21 0 0 xxxxx@xxxxx xxxxx xxxxxxxxx //www.gravatar.com/avatar/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx ["admin"]
Apparently, one of the method is to change is_deleted to 1, and it should create another default user with the following credentials: admin@example.com / changeme.
I didn’t do this because I didn’t want to create another user, I thought updating the existing one’s password should be enough. Password are stored in the auth table that has the following fields:
cid name type notnull dflt_value pk
--- ----------- ------------ ------- ---------- --
0 id integer 1 1
1 created_on datetime 1 0
2 modified_on datetime 1 0
3 user_id integer 1 0
4 type varchar(30) 1 0
5 secret varchar(255) 1 0
6 meta json 1 0
7 is_deleted integer 1 '0' 0
So here, I simply change the secret of my current user. I used $2b$13$C9mJYK7Gf7sVgCCYw84HhOvOIpnyhkdGqwIp0PPj/s9.q0bxkoMZe that is the encrypted version of changeme. To do so, I ran:
update auth set secret = "$2b$13$C9mJYK7Gf7sVgCCYw84HhOvOIpnyhkdGqwIp0PPj/s9.q0bxkoMZe" where user_id = 1;
Check that your user is indeed id 1 or change the query accordingly.
Then, you can go the web UI, connect with your email and changeme as the password and it should simply work :). Don’t forget to change the password to something else as soon as possible!
Many thanks to this github thread that helped a lot.
From the « Loosing all my data »: collection:
- A mix of password recovery tips
- Regaining access to my matrix admin account
- New GPG Key
- Create an encrypted external hard drive
- Regain access to nginxproxymanager
- Quick status of my journey getting back access to my servers and services
- Regain access to a raspberry pi running raspbian
- Regaining access to Proxmox VMs and Containers
- Facing my digital worse nightmare